Jason

Appscan Source v8.8 - Stack Overflow and Numerous Errors When Parsing PHP Project

2014-01-03T05:17:41Z

When attempting to scan a new PHP project under AppScan Source v8.8, numerous parsing errors are reported:

Log output: 12/18/13 15:48:30 - Parsing error at foo.php(448,47) due to: illegal character
Log output: 12/18/13 15:48:30 - Parsing error at foo.php(448,48) due to: found/expected  identifier/& ( + - :: || && or and xor | ^ . * / % << >> === !== == != < <= > >= instanceof ? :

 

Code Trigger: $sanitized1 = (null === $sanitized1) ? App\User::someFunc() : $sanitized1;   //Parsing error caused by '\' in "App\User"

 

Furthermore, a stack overflow is triggered in icuuc49.dll and the scan is halted. Who should I contact in order to file a formal bug report?

 

0:014> r
eax=00000400 ebx=2ef9af84 ecx=27dfca30 edx=2ef9af84 esi=0f36180c edi=27dfca30
eip=4a82522c esp=0f360e68 ebp=0f361280 iopl=0         nv up ei ng nz na pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00010286
icuuc49!ucnv_fromUChars_49+0x1c:
4a82522c 53              push    ebx
0:014> kb
ChildEBP RetAddr  Args to Child              
WARNING: Stack unwind information not available. Following frames may be wrong.
0f361280 00000000 27dfca30 0f3612bc 00000400 icuuc49!ucnv_fromUChars_49+0x1c
0:014> !analyze -v
*******************************************************************************
*                                                                             *
*                        Exception Analysis                                   *
*                                                                             *
*******************************************************************************
 
 
FAULTING_IP: 
icuuc49!ucnv_fromUChars_49+1c
4a82522c 53              push    ebx
 
EXCEPTION_RECORD:  ffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 4a82522c (icuuc49!ucnv_fromUChars_49+0x0000001c)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 00000001
   Parameter[1]: 0f360e64
Attempt to write to address 0f360e64
 
CONTEXT:  00000000 -- (.cxr 0x0;r)
eax=00000400 ebx=2ef9af84 ecx=27dfca30 edx=2ef9af84 esi=0f36180c edi=27dfca30
eip=4a82522c esp=0f360e68 ebp=0f361280 iopl=0         nv up ei ng nz na pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00010286
icuuc49!ucnv_fromUChars_49+0x1c:
4a82522c 53              push    ebx
 
FAULTING_THREAD:  00000b88
DEFAULT_BUCKET_ID:  INVALID_STACK_ACCESS
PROCESS_NAME:  AppScanSrc.exe
OVERLAPPED_MODULE: Address regions for 'actionobjects_win32_4_0_0' and 'sacw3270.dll' overlap
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_PARAMETER1:  00000001
EXCEPTION_PARAMETER2:  0f360e64
WRITE_ADDRESS:  0f360e64 
FOLLOWUP_IP: 
icuuc49!ucnv_fromUChars_49+1c
4a82522c 53              push    ebx
NTGLOBALFLAG:  0
APPLICATION_VERIFIER_FLAGS:  0
APP:  appscansrc.exe
ANALYSIS_VERSION: 6.3.9600.16384 (debuggers(dbg).130821-1623) x86fre
PRIMARY_PROBLEM_CLASS:  INVALID_STACK_ACCESS
BUGCHECK_STR:  APPLICATION_FAULT_INVALID_STACK_ACCESS_INVALID_POINTER_WRITE
LAST_CONTROL_TRANSFER:  from 00000000 to 4a82522c
STACK_TEXT:  
0f361280 00000000 27dfca30 0f3612bc 00000400 icuuc49!ucnv_fromUChars_49+0x1c
STACK_COMMAND:  .cxr 0x0 ; kb
SYMBOL_STACK_INDEX:  0
SYMBOL_NAME:  icuuc49!ucnv_fromUChars_49+1c
FOLLOWUP_NAME:  MachineOwner
MODULE_NAME: icuuc49
IMAGE_NAME:  icuuc49.dll
DEBUG_FLR_IMAGE_TIMESTAMP:  50febd48
FAILURE_BUCKET_ID:  INVALID_STACK_ACCESS_c0000005_icuuc49.dll!ucnv_fromUChars_49
BUCKET_ID:  APPLICATION_FAULT_INVALID_STACK_ACCESS_INVALID_POINTER_WRITE_icuuc49!ucnv_fromUChars_49+1c
ANALYSIS_SOURCE:  UM
FAILURE_ID_HASH_STRING:  um:invalid_stack_access_c0000005_icuuc49.dll!ucnv_fromuchars_49
FAILURE_ID_HASH:  {60da09f8-a8b4-d27b-a63d-b484a61bbca9}
Followup: MachineOwner
---------
0:014> dc esp
0f360e68  ???????? ???????? ???????? ????????  ????????????????
0f360e78  ???????? ???????? ???????? ????????  ????????????????
0f360e88  ???????? ???????? ???????? ????????  ????????????????
0f360e98  ???????? ???????? ???????? ????????  ????????????????
0f360ea8  ???????? ???????? ???????? ????????  ????????????????
0f360eb8  ???????? ???????? ???????? ????????  ????????????????
0f360ec8  ???????? ???????? ???????? ????????  ????????????????
0f360ed8  ???????? ???????? ???????? ????????  ????????????????
0:014> dds ebp
0f361280  0f3616c0
0f361284  4a854832 icuuc49!ures_openU_49+0xd2
0f361288  27dfca30
0f36128c  0f3612bc
0f361290  00000400
0f361294  2ef9af84
0f361298  00000035
0f36129c  0f36180c
0f3612a0  0f36180c
0f3612a4  0f361790
0f3612a8  0f361924
0f3612ac  0f36180c
0f3612b0  0f361924
0f3612b4  00000035
0f3612b8  0f3612bc
0f3612bc  00000000
0f3612c0  00000000
0f3612c4  00000000
0f3612c8  00000000
0f3612cc  00000000
0f3612d0  00000000
0f3612d4  00000000
0f3612d8  00000000
0f3612dc  00000000
0f3612e0  00000000
0f3612e4  00000000
0f3612e8  00000000
0f3612ec  00000000
0f3612f0  00000000
0f3612f4  00000000
0f3612f8  77162fe7 ntdll!RtlpLowFragHeapAllocFromContext+0xaec
0f3612fc  787d84df
 
 
###############################################################################
!ENTRY org.eclipse.ui 4 4 2013-12-18 23:15:16.667
!MESSAGE Failed to update action com.ouncelabs.osa.rcp.actions.include
!STACK 0
org.omg.CORBA.COMM_FAILURE:   vmcid: 0x0  minor code: 0 completed: Maybe
at org.jacorb.orb.giop.ReplyPlaceholder.getInputStream(ReplyPlaceholder.java:133)
at org.jacorb.orb.ReplyReceiver.getReply(ReplyReceiver.java:275)
at org.jacorb.orb.Delegate.invoke_internal(Delegate.java:1074)
at org.jacorb.orb.Delegate.invoke(Delegate.java:939)
at org.omg.CORBA.portable.ObjectImpl._invoke(ObjectImpl.java:484)
at com.ouncelabs.presentation.presentationlayer._ProjectStub.canExportProject(_ProjectStub.java:3023)
at com.ouncelabs.presentation.datalayer.Project.canExport(Project.java:736)
at com.ouncelabs.presentation.datalayer.Project.canSave(Project.java:714)
at com.ouncelabs.presentation.datalayer.Project.isReadOnly(Project.java:1209)
at com.ouncelabs.osa.rcp.actions.ExcludeFileObjectActionDelegate.selectionChanged(ExcludeFileObjectActionDelegate.java:88)
at org.eclipse.ui.internal.PluginAction.refreshEnablement(PluginAction.java:206)
at org.eclipse.ui.internal.PluginAction.selectionChanged(PluginAction.java:277)
at org.eclipse.ui.internal.ObjectActionContributor$1.run(ObjectActionContributor.java:157)
at org.eclipse.core.runtime.SafeRunner.run(SafeRunner.java:42)
at org.eclipse.ui.internal.ObjectActionContributor.contributeObjectActions(ObjectActionContributor.java:160)
at org.eclipse.ui.internal.ObjectActionContributorManager.contributeObjectActions(ObjectActionContributorManager.java:97)
at org.eclipse.ui.internal.PopupMenuExtender.addObjectActions(PopupMenuExtender.java:262)
at org.eclipse.ui.internal.PopupMenuExtender.menuAboutToShow(PopupMenuExtender.java:339)
at org.eclipse.jface.action.MenuManager.fireAboutToShow(MenuManager.java:342)
at org.eclipse.jface.action.MenuManager.handleAboutToShow(MenuManager.java:473)
at org.eclipse.jface.action.MenuManager.access$1(MenuManager.java:469)
at org.eclipse.jface.action.MenuManager$2.menuShown(MenuManager.java:495)
at org.eclipse.swt.widgets.TypedListener.handleEvent(TypedListener.java:255)
at org.eclipse.swt.widgets.EventTable.sendEvent(EventTable.java:84)
at org.eclipse.swt.widgets.Widget.sendEvent(Widget.java:1053)
at org.eclipse.swt.widgets.Widget.sendEvent(Widget.java:1077)
at org.eclipse.swt.widgets.Widget.sendEvent(Widget.java:1058)
at org.eclipse.swt.widgets.Control.WM_INITMENUPOPUP(Control.java:4881)
at org.eclipse.swt.widgets.Control.windowProc(Control.java:4557)
at org.eclipse.swt.widgets.Canvas.windowProc(Canvas.java:341)
at org.eclipse.swt.widgets.Decorations.windowProc(Decorations.java:1627)
at org.eclipse.swt.widgets.Shell.windowProc(Shell.java:2069)
at org.eclipse.swt.widgets.Display.windowProc(Display.java:4976)
at org.eclipse.swt.internal.win32.OS.TrackPopupMenu(Native Method)
at org.eclipse.swt.widgets.Menu._setVisible(Menu.java:257)
at org.eclipse.swt.widgets.Display.runPopups(Display.java:4210)
at org.eclipse.swt.widgets.Display.readAndDispatch(Display.java:3752)
at org.eclipse.ui.internal.Workbench.runEventLoop(Workbench.java:2701)
at org.eclipse.ui.internal.Workbench.runUI(Workbench.java:2665)
at org.eclipse.ui.internal.Workbench.access$4(Workbench.java:2499)
at org.eclipse.ui.internal.Workbench$7.run(Workbench.java:679)
at org.eclipse.core.databinding.observable.Realm.runWithDefault(Realm.java:332)
at org.eclipse.ui.internal.Workbench.createAndRunWorkbench(Workbench.java:668)
at org.eclipse.ui.PlatformUI.createAndRunWorkbench(PlatformUI.java:149)
at com.ouncelabs.osa.rcp.application.AppSecApplication.run(AppSecApplication.java:40)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:88)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:55)
at java.lang.reflect.Method.invoke(Method.java:613)
at org.eclipse.equinox.internal.app.EclipseAppContainer.callMethodWithException(EclipseAppContainer.java:587)
at org.eclipse.equinox.internal.app.EclipseAppHandle.run(EclipseAppHandle.java:198)
at org.eclipse.core.runtime.internal.adaptor.EclipseAppLauncher.runApplication(EclipseAppLauncher.java:110)
at org.eclipse.core.runtime.internal.adaptor.EclipseAppLauncher.start(EclipseAppLauncher.java:79)
at org.eclipse.core.runtime.adaptor.EclipseStarter.run(EclipseStarter.java:353)
at org.eclipse.core.runtime.adaptor.EclipseStarter.run(EclipseStarter.java:180)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:88)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:55)
at java.lang.reflect.Method.invoke(Method.java:613)
at org.eclipse.equinox.launcher.Main.invokeFramework(Main.java:629)
at org.eclipse.equinox.launcher.Main.basicRun(Main.java:584)
at org.eclipse.equinox.launcher.Main.run(Main.java:1438)
 
###############################################################################
osa.log
ERROR 11:56:36 12/18/2013 datalayer.ServerManagerConnection$KeepAliveThread - 
org.omg.CORBA.COMM_FAILURE:   vmcid: 0x0  minor code: 0 completed: Maybe
at org.jacorb.orb.giop.ReplyPlaceholder.getInputStream(ReplyPlaceholder.java:133)
at org.jacorb.orb.ReplyReceiver.getReply(ReplyReceiver.java:275)
at org.jacorb.orb.Delegate.invoke_internal(Delegate.java:1074)
at org.jacorb.orb.Delegate.invoke(Delegate.java:939)
at org.omg.CORBA.portable.ObjectImpl._invoke(ObjectImpl.java:484)
at com.ouncelabs.presentation.presentationlayer._PresentationFactoryStub.keepAlive(_PresentationFactoryStub.java:5379)
at com.ouncelabs.presentation.datalayer.ServerManagerConnection$KeepAliveThread.run(ServerManagerConnection.java:170)
 
ERROR 11:56:38 12/18/2013 util.ExceptionHandler - 
org.omg.CORBA.COMM_FAILURE:   vmcid: 0x0  minor code: 0 completed: Maybe
at org.jacorb.orb.giop.ReplyPlaceholder.getInputStream(ReplyPlaceholder.java:133)
at org.jacorb.orb.ReplyReceiver.getReply(ReplyReceiver.java:275)
at org.jacorb.orb.Delegate.invoke_internal(Delegate.java:1074)
at org.jacorb.orb.Delegate.invoke(Delegate.java:939)
at org.omg.CORBA.portable.ObjectImpl._invoke(ObjectImpl.java:484)
at com.ouncelabs.presentation.presentationlayer._AssessmentTaskStub._wait(_AssessmentTaskStub.java:939)
at com.ouncelabs.presentation.datalayer.Task.waitForTaskStatus(Task.java:57)
at com.ouncelabs.presentation.datalayer.Task.run(Task.java:42)
at com.ouncelabs.presentation.datalayer.AssessmentTask.run(AssessmentTask.java:72)
at com.ouncelabs.presentation.datalayer.AssessmentRunManager$2.run(AssessmentRunManager.java:108)
at java.lang.Thread.run(Thread.java:780)
  • ScottH

    Re: Appscan Source v8.8 - Stack Overflow and Numerous Errors When Parsing PHP Project

    2014-04-25T16:30:43Z

    Hi Jason,

    The most common cause for this kind of parsing error when scanning PHP code with AppScan Source is the use of namespaces introduced with PHP 5.3.

    At this time we do not support PHP 5.3, but do support through PHP 5.2. An RFE is open to request this support and is expected in a future release of AppScan.

    If you are not using namespaces, please open a support case so that the problem can be investigated further.

    Scott
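
A pre-scan check based on the reply above, as an added example that is not part of the original thread or of AppScan Source: it flags PHP 5.3 namespace syntax outside strings and comments, so files the parser cannot handle can be identified before a scan. The function name and the sample input are constructed for illustration; heredoc/nowdoc bodies and inline HTML are not handled.

```python
import re

# Comments and quoted strings: backslashes inside these are not namespace syntax.
# Assumption: heredoc/nowdoc bodies and inline HTML are not handled.
_SKIP = re.compile(
    r"//[^\n]*|#[^\n]*|/\*.*?\*/"      # line and block comments
    r"|'(?:\\.|[^'\\])*'"              # single-quoted strings
    r'|"(?:\\.|[^"\\])*"',             # double-quoted strings
    re.S,
)
# A bare backslash in code, or a `namespace` declaration (both PHP 5.3+ only).
_NS_TOKEN = re.compile(
    r"(?P<sep>\\)|(?<![\w$>])(?P<decl>namespace)(?=\s+[A-Za-z_]|\s*\{)", re.I
)


def _blank(match):
    # Replace with spaces but keep newlines so line/column numbers stay valid.
    return re.sub(r"[^\n]", " ", match.group(0))


def find_namespace_usage(source):
    """Return (line, column, kind), 1-based, for each namespace construct."""
    code = _SKIP.sub(_blank, source)
    hits = []
    for m in _NS_TOKEN.finditer(code):
        line = code.count("\n", 0, m.start()) + 1
        col = m.start() - code.rfind("\n", 0, m.start())
        kind = "namespace separator" if m.group("sep") else "namespace declaration"
        hits.append((line, col, kind))
    return hits


# Constructed sample; the last line is the trigger quoted in the original post.
SAMPLE = r'''<?php
namespace App;                       // declaration, no backslash
$msg = "C:\\temp\\App\User";         // backslashes inside a string: ignored
# use Foo\Bar; in a comment: ignored
$sanitized1 = (null === $sanitized1) ? App\User::someFunc() : $sanitized1;
'''

if __name__ == "__main__":
    for line, col, kind in find_namespace_usage(SAMPLE):
        print(f"sample.php({line},{col}): {kind}")
```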